PT-2019-3848 · Schneider Electric · Modicon Bmenoc 0311+2
Publicado
2019-10-08
·
Atualizado
2019-11-01
·
CVE-2019-6850
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Modicon M580 versions (affected versions not specified)
Modicon BMENOC 0311 versions (affected versions not specified)
Modicon BMENOC 0321 versions (affected versions not specified)
Description
The issue is related to the use of REST API read register commands in the controller's firmware. It may allow a remote attacker to expose protected information. The vulnerability could cause the disclosure of sensitive information when reading specific registers with the REST API of the controller/communication module.
Recommendations
For Modicon M580, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Modicon BMENOC 0311, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Modicon BMENOC 0321, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Modicon Bmenoc 0311
Modicon Bmenoc 0321
Modicon M580